[FFmpeg-devel] [PATCH 04/25] avfilter/af_headphone: Fix segfault when using very short streams

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Wed Sep 9 00:18:35 EEST 2020


When the headphone filter does its processing in the time domain,
the lengths of the buffers involved are determined by three parameters,
only two of which are relevant here: ir_len and air_len. The former is
the length (in samples) of the longest HRIR input stream and the latter
is the smallest power-of-two bigger than ir_len.

Using optimized functions to calculate the convolution places
restrictions on the alignment of the length of the vectors whose scalar
product is calculated. Therefore said length, namely ir_len, is aligned
on 32; but the number of elements of the buffers used is given by air_len
and for ir_len < 16 a buffer overflow happens.

This commit fixes this by ensuring that air_len is always >= 32 if
processing happens in the time domain.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
 libavfilter/af_headphone.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavfilter/af_headphone.c b/libavfilter/af_headphone.c
index f488e0e28d..54b5dfec4c 100644
--- a/libavfilter/af_headphone.c
+++ b/libavfilter/af_headphone.c
@@ -405,6 +405,9 @@ static int convert_coeffs(AVFilterContext *ctx, AVFilterLink *inlink)
     int i, j, k;
 
     s->air_len = 1 << (32 - ff_clz(ir_len));
+    if (s->type == TIME_DOMAIN) {
+        s->air_len = FFALIGN(s->air_len, 32);
+    }
     s->buffer_length = 1 << (32 - ff_clz(s->air_len));
     s->n_fft = n_fft = 1 << (32 - ff_clz(ir_len + s->size));
 
-- 
2.20.1



More information about the ffmpeg-devel mailing list